Last Updated: January 5, 2025
IntroductionAt Tether Supervision, we are committed to protecting the confidentiality, integrity, and availability of the data entrusted to us. This includes, but is not limited to, Protected Health Information (PHI), Personally Identifiable Information (PII), and other sensitive client and operational data.
This Information Security Policy outlines our comprehensive approach to data protection, regulatory compliance, and secure service delivery. It reflects our ongoing commitment to maintaining trust and transparency with our customers, partners, and users.
1. Scope
This policy applies to all employees, contractors, vendors, and systems that interact with Tether Supervision’s data or infrastructure. It governs all data storage, transmission, and processing activities conducted through our platforms and technology partners, including digital, physical, and verbal communication.
2. Data Protection Measures
Tether Supervision implements rigorous technical and administrative controls to protect sensitive data:
*
Encryption: All data in transit is encrypted using TLS 1.3 or higher. Data at rest is encrypted with industry-standard AES-256 encryption.
*
Access Controls: Access to systems and data is role-based and adheres to the principle of least privilege. Multifactor authentication (MFA) is enforced for privileged accounts.
*
Data Retention and Deletion: Data is retained only as necessary to meet business or legal obligations. Upon contract termination, data is securely deleted following applicable regulations.
3. Compliance
Tether Supervision complies with all relevant regulatory frameworks, including:
*
HIPAA and HITECH: PHI is safeguarded through strict internal policies and signed Business Associate Agreements (BAAs) with key service providers.
*
State and Local Regulations: We comply with regional privacy and security laws in all jurisdictions where our services are offered.
4. Risk Management
We implement continuous and proactive risk management practices to minimize potential threats:*
Incident Response: A documented Incident Response Plan is in place to detect, respond to, and recover from security incidents.
*
Third-Party Security: All subcontractors and vendors sign Business Associate Agreements (BAAs) that outline their responsibility for compliance and data protection.
5. Security Awareness and Training
All employees and contractors undergo mandatory security training during on cybersecurity best practices, regulatory compliance, and Tether Supervision’s internal policies. Training programs are updated to reflect new threats and industry standards.
6. Monitoring and Audit
Systems are continuously monitored for unauthorized access, suspicious activities, and potential vulnerabilities. Audit logs are maintained to track access to sensitive data, including who accessed it, when, and for what purpose. Periodic reviews of logs and policies ensure compliance and the effectiveness of our security controls.
7. Physical and Cloud Security
* Physical Security: Tether Supervision does not maintain on-premises servers. All infrastructure is hosted by third-party cloud providers with independently audited physical and environmental controls.
* Cloud Security: Primary and backup data are stored in secure, geographically diverse cloud environments under strict contractual and technical safeguards.
8. Customer and Partner Engagement
We prioritize transparency and collaboration with customers and partners:
* Relevant documentation to support security reviews (e.g., policy summaries, audit references, and compliance attestations from infrastructure providers).
* Prompt responses to security-related inquiries.
* Clear articulation of shared security responsibilities between Tether Supervision and its customers.
9. Policy Review and Updates
This policy is reviewed annually or as needed to reflect changes in regulatory requirements, industry standards, or organizational practices.
Contact InformationFor questions about this policy or additional information, please contact:
Tether Supervision Security Team
Email:
security@tethersupervision.comPhone: +1 (832) 974-0401
Last Updated: January 5, 2025
Approved By: Sam Beger, Chief Operating Officer
Tether Supervision remains committed to maintaining the highest standards of data protection and regulatory compliance, ensuring the secure handling of sensitive information throughout our operations.
.png)
